How many victims? 19,264.
What type of personal information? Patient names, telephone numbers, addresses, birth dates, Social Security numbers, medical records, insurance numbers, procedure billing codes, diagnosis codes, lab reports, office notes, radiology reports and service dates. In some records, guarantor information was also included.
What happened? The virus was detected on or about July 28.
Details: It is not possible to determine if any sensitive documents were accessed. Further, neither the university nor the clinic has any indication that the information has been used for illegal or wrongful purposes.
What was the response? An investigation into the incident was initiated after the compromise was discovered. The clinic has implemented steps to ensure the safety and privacy of data, such as increasing the frequency of software and security updates. Letters have been sent to affected patients. Those with questions about the breach are being advised to contact the clinic at (918) 619-4542 or (866) 836-3150.
Sources: News release, “OU Tulsa Neurology Clinic Computer Compromised,” Sept. 24, 2010.
U.S. Department of Health and Human Services, "Breaches Affecting 500 or More Individuals."